Teleport API Reference

Teleport is currently working on documenting our API.


We are currently working on this project. If you have an API suggestion, please complete our survey.


In order to interact with the Access Request API, you will need to provision appropriate TLS certificates. In order to provision certificates, you will need to create a user with appropriate permissions:

$ cat > rscs.yaml <<EOF
kind: user
  name: access-plugin
  roles: ['access-plugin']
version: v2
kind: role
  name: access-plugin
      - resources: ['access_request']
        verbs: ['list','read','update']
    # teleport currently refuses to issue certs for a user with 0 logins,
    # this restriction may be lifted in future versions.
    logins: ['access-plugin']
version: v3
# ...
$ tctl create rscs.yaml
# ...
$ tctl auth sign --format=tls --user=access-plugin --out=auth
# ...

The above sequence should result in three PEM encoded files being generated: auth.crt, auth.key, and auth.cas (certificate, private key, and CA certs respectively).

Note: by default, tctl auth sign produces certificates with a relatively short lifetime. For production deployments, the --ttl flag can be used to ensure a more practical certificate lifetime.


Audit Events API

Coming Soon

Certificate Generation API

Coming Soon

Tokens API

Coming Soon

Workflow API

Coming Soon

apartmentTeleport Enterprise

Teleport Enterprise is built around the open-source core, with premium support and additional, enterprise-grade features. It is for organizations that need to secure critical production infrastructure and meet compliance and audit requirements.

Demo Teleport Enterprise

get_appTeleport Community

Teleport Community provides modern SSH best practices out of the box for managing elastic infrastructure. Teleport Community is open-source software that anyone can download and install for free.


Download Teleport Community